The privacy watchdog has expressed concerns that a 10-month grace period the banking industry is seeking to prepare for tighter laws on direct sales tactics will be exploited. Privacy Commissioner Allan Chiang Yam-wang agreed a grace period was necessary to help the industry take steps for an amended privacy law. But he feared direct marketers would make use of the time to collect as much data as possible to evade prosecution, since all data collected before the change would be excluded from the tighter rules. 'We are worried that, within this 10-month period, there will be some inappropriate direct-marketing activities,' Chiang said. 'We speculate that some businesses engaged in direct marketing will evade the new regulations by collecting and using [new] data during the gap.' The Personal Data (Privacy) Amendment Bill is expected to be passed by the Legislative Council before its term ends in July. It will criminalise companies that do not notify customers of the kind of data to be used or transferred or seek their indication of no-objection before using their data for direct marketing. The government moved to tighten the privacy law after Octopus Card sparked a controversy in 2010 with its admission that it had sold the personal details of more than a million customers to business partners. Chiang said there was a need to impose a cut-off date for the exemption of data collected, after which companies carrying out direct marketing could not seek cover. He said the best option would be to set the cut-off date on the day after the bill was passed. The government did not seem convinced that the grace period would be exploited, said Chiang, who met officials from the Constitutional and Mainland Affairs Bureau on Monday. A bureau spokeswoman said it was considering the privacy commissioner's views. Chiang also said customers should have the right to trace the source of their personal data. Current and amended rules do not oblige businesses to tell customers how they have obtained the personal data. He also insisted on businesses getting a written, not verbal, indication of no objection from customers if personal data were to be transferred to a third party. The bill proposes a fine of up to HK$500,000 and three years' jail for illegal direct marking activities, and HK$1 million and five years' jail for the illegal transfer of data.